Hi,

> On BSD I'd say use a pf rule to block the IP for a time period if X
> many concurrent states to port 53. Is something like that possible with
> iptables on Linux?

Like a rate-limit for incoming connections? Yes, it's possible:

iptables -A INPUT -p udp --dport 53 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 --rttl --name DNS -j DROP
iptables -A INPUT -p udp --dport 53 -m state --state NEW -m recent --set --name DNS -j ACCEPT

The first rule blocks every attempt above 10 per minute, but it's a quick'n dirty example; it's possible to have something better.

[ http://www.debian-administration.org/articles/187 ]

Bye.

--
Xavier Belanger

_______________________________________________
Unbound-users mailing list
[email protected]
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
